Features
- ExpressVPN support (#623)
- WeVPN support (#591)
- Healthcheck uses DNS and ping to
github.com
instead of only DNS to avoid relying on DNS cache HEALTH_ADDRESS_TO_PING
variable- Adapt logger prefix to VPN used
openvpn:
for OpenVPNwireguard:
for Wireguard
VPNSP
valuecustom
for OpenVPN custom config files (#621)VPNSP
valuecustom
for Wireguard custom configurationWIREGUARD_PUBLIC_KEY
variableWIREGUARD_ENDPOINT_IP
variable
- OpenVPN custom configuration file is reloaded on VPN restarts
- OpenVPN custom configuration file is parsed at start to log out valid settings
- Support IPv6 routing for Wireguard
- Log Wireguard server endpoint
- Log Wireguard keys when
LOG_LEVEL=debug
- Windscribe OpenVPN default cipher set to
aes-256-gcm
- Update server information built-in
- Cyberghost
- FastestVPN
- Mullvad
format-servers
CLI command
Changes
VPNSP=custom
OpenVPN configuration file:up
anddown
options are not filtered outOPENVPN_INTERFACE
overrides the network interface defined in the configuration filePORT
overrides any port found in the configuration file
- Remove NordVPN
SERVER_NAME
filter functionality- Filter was not effective
- Is to be deprecated in v4 anyway
- Bump NordVPN server model version to
3
- Remove
Name
field from NordVPN server model
- Remove
CYBERGHOST_GROUP
as it does not make sense anymore with newer server data
Fixes
- Set non block on TUN device
- Close HTTP client connections when tunnel comes up
- Public IP loop deadlock
- OpenVPN
VPNSP=custom
does not deduplicate lines - PureVPN remove OpenVPN cipher option
AES-256-CBC
- Cyberghost OpenVPN cipher option defaults to
aes-128-gcm
- Repository
servers.json
path for maintainer server update cli - Add missing HTTP status code check for Windscribe API
PIA_ENCRYPTION
default in Go program- Defaults to
strong
instead of strong certificate string - No impact on Docker images since variable is set to
strong
in Dockerfile - Only read
PIA_ENCRYPTION
if service provider is PIA
- Defaults to
- (Security) Remove OpenVPN compression option (affects FastestVPN, Hide My Ass, IP Vanish, IVPN, NordVPN, PIA, PrivateVPN, ProtonVPN, Torguard, VPN Unlimited, VyprVPN)
- FastestVPN updated OpenVPN configuration
- HideMyAss:
Cote d'Ivoire
server country name - Log errors with error level for OpenVPN
- PIA
SERVER_NAME
variable functionality
Documentation
- Readme
- Update with updated Wiki pages and links
- Add Wireguard in top description
- Add Console Substack interview link
- Remove docker-compose.yml file which is now inlined in readme
- Update Wireguard support list
- Issue templates
- Add
Unraid template issue
contact link to discussion #550 - Add
Wiki issue
yml template - Replace help issue template by issue contact link to Github discussion
- Update bug issue template to use yml format
- Update feature request issue template to use yml format
- Remove default assignees
- Add
- Update maintenance document
Maintenance
- Rename environment variables with retro-compatibility
HEALTH_OPENVPN_DURATION_INITIAL
toHEALTH_VPN_DURATION_INITIAL
HEALTH_OPENVPN_DURATION_ADDITION
toHEALTH_VPN_DURATION_ADDITION
WIREGUARD_PORT
toWIREGUARD_ENDPOINT_PORT
PORT
toOPENVPN_PORT
PROTOCOL
toOPENVPN_PROTOCOL
REGION
toCOUNTRY
for Cyberghost
- OpenVPN options
- remove deprecated
tun-ipv6
(affects all)keysize
ncp-disable
(affects Cyberghost, PIA, Torguard, Windscribe)keepalive
replaced byping*
options
- remove unneeded
script-security
(affects Cyberghost, Mullvad, PureVPN, Surfshark, Torguard, Windscribe)ping-timer-rem
route-delay
(affects Cyberghost, PureVPN)route-method
(affects PureVPN)tun-mtu 1500
(affects FastestVPN, NordVPN, ProtonVPN, Surfshark, Torguard)tls-client
(affects FastestVPN)ping-exit
andping-restart
(affects all)disable-occ
(affects PIA to match the Wiki)
- add only when running without root:
persist-tun
persist-key
- add
tls-exit
to PIA configuration - add
explicit-exit-notify
when using UDP
- remove deprecated
- Dynamically set allowed VPN input ports
- Allow to change VPN type at runtime
- Allow to change interface name at runtime
- Add cleanup method to cleanup VPN loop on a vpn shutdown
- Allow VPN inputs ports only when tunnel is up
internal/openvpn/extract
package instead ofinternal/openvpn/custom
packageinternal/openvpn/parse
package- Parse PEM key data for Cyberghost and VPNUnlimited
- Add more unit tests
- All providers'
BuildConf
method return an error - Rename
CustomConfig
toConfFile
in Settings structures - Rename Wireguard
CustomPort
- Use type aliases in
internal/netlink
- Re-order Dockerfile environment variables
- Improve
internal/configuration/health_test.go
unit test - Re-order OpenVPN options
golangci-lint
:- Remove
disable-all: true
and enabled by default linters - Add more linters
- Remove
- Package-local narrow
Logger
interfaces - Package-local log levels
- Go program uses
time/tzdata
instead of Alpine'stzdata
- Go program uses
github.com/breml/rootcerts
together with Alpine'sca-certificates
- Bump github.com/fatih/color from 1.12.0 to 1.13.0 (#635)
- Bump github.com/qdm12/goshutdown from v0.1.0 to v0.3.0